Information clause on processing personal data within the scope of and to a purpose following from the subject of e-mail correspondence

  1. The Personal Data Controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Dz.Urz.UE.L No. 119.1, as amended), hereinafter referred to as "GDPR", is the Częstochowa University of Technology with its registered office at ul. J.H. Dąbrowskiego 69, 42-201 Częstochowa, POLAND, e-mail address:
  2. The Personal Data Controller appointed the Data Protection Officer, hereinafter referred to as DPO. The DPO is available at the following e-mail address: or by phone: +48 34 32 50 471, or by using the contact details of the Controller.
  3. Submitted personal data will be processed only within the scope of and to a purpose following from the subject of e-mail correspondence carried on with you and to investigate or put forward presumptive legal claims or to defend against such claims. Unnecessary or redundant data will be deleted by the e-mail addressee and will not be processed by the Controller.
  4. The legal basis for the processing is fulfilment of the legal obligation imposed on the Controller (art. 6 clause 1, point c of GDPR) and legitimate interest of the Controller (art. 6 clause 1, point f of GDPR).
  5. Special categories of personal data shall be processed if the data subject has given explicit consent to the processing of those personal data (art. 9 clause 2, point a of GDPR), if processing is necessary for the establishment, exercise or defence of claims (art. 6 clause 1, point f of GDPR) and when processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law (art. 6 clause 1, point g of GDPR).
  6. Personal data provided shall be erased or stored in accordance with the applicable archiving regulations. Storage of personal data results from discharge of obligations arising from legal regulations.
  7. The Controller does not intend to transfer personal data to other recipients except for entities entitled thereto by virtue of legal regulations.
  8. The Controller may transfer personal data to any third state or international organization for the purposes of fulfillment of the Controller's  legal obligation or its other obligations arising from the subject-matter of the correspondence conducted with you – within the scope necessary for discharge of those obligations. Any transfer of personal data to a third state or an international organization can take place only in accordance with the GDPR provisions.
  9. The  data subject has the right to request from the Controller access to the data contents, rectification or  removal of the data or restriction of the data processing and the right to raise objection against the data processing, the right to transfer the data and to withdraw the consent at any moment without prejudice to the right to data processing which was performed on the basis of the consent before the withdrawal thereof.
  10. The data subject has the right to file a complaint with the Supervisory Authority i.e. the President of the Personal Data Protection Office when the data subject deems that processing of his / her personal data infringes the GDPR provisions.